> If I need to block all data from going out over a 
> PPP-connection for a few minutes, how do I do it?  The 
> procedure would be used frequently but always only for a very 
> short time, thus should take a few seconds at most to 
> activate/deactivate.

That is a highly odd request, but I suppose a quick and
dirty way to do it would be to remove the route through
the ppp interface -

/sbin/route del default  (assuming that's your default
route.  Tweak as appropriate.)

> By the way, can any hackers invade my linux box when I'm 
> connected via PPP but do not have an IP address myself?

I'm not sure what you mean by this.  If you're connected by
PPP you have an IP address by definition, unless you're
referring to before the PPP connection is established.  If
what you're trying to do is shut down the interface in
response to an attack, the above solution would make your
computer unable to respond to the attackers' packets making
application-based attacks impossible.  Note they would
still be able to do protocol-based attacks such as land.
Of course, with such attacks, if you were susceptible you'd
already hang before your NIDS had a chance to respond so
the limitation is rather moot.  I do not know of a way you
could stop all traffic from entering through that interface
since your ISP is going to shove the packet down the pipe,
unless you use ipfwadm or ipchains to deny all traffic
to and from that port, which is probably the better
solution anyway.  This solution requires the kernel to be
[re]compiled with firewall support, while the first
solution does not.


Hope this helps, even though I rambled a bit.  ;-)

~Patrick
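
The ipchains approach mentioned in the reply above, as an added example that is not part of the original message: a shell toggle that inserts or deletes deny-all rules for the PPP interface. The interface name ppp0, the function names and the DRY_RUN switch are assumptions; by default it only prints the commands instead of running them.

```shell
#!/bin/sh
# Added example (not from the original message): quick block/unblock of all
# traffic on a PPP interface using ipchains deny rules.
# Assumptions: interface is ppp0, script runs as root, kernel has firewall support.

IFACE="${IFACE:-ppp0}"     # assumed interface name
DRY_RUN="${DRY_RUN:-1}"    # 1 = print the commands only, 0 = execute them

# Print the ipchains commands for one action, one per line.
ppp_rules() {
    action=$1
    iface=$2
    # Accept only plain alphanumeric interface names (e.g. ppp0).
    case "$iface" in
        ''|*[!A-Za-z0-9]*) echo "bad interface name" >&2; return 2 ;;
    esac
    case "$action" in
        block)   op="-I"; pos=" 1" ;;  # insert at position 1, ahead of accept rules
        unblock) op="-D"; pos="" ;;    # delete the matching rule again
        *) echo "usage: block|unblock [iface]" >&2; return 2 ;;
    esac
    for chain in input output; do
        echo "ipchains $op $chain$pos -i $iface -j DENY"
    done
}

# Run (or, in dry-run mode, just show) the commands for the given action.
ppp_toggle() {
    cmds=$(ppp_rules "$1" "${2:-$IFACE}") || return $?
    echo "$cmds" | while IFS= read -r cmd; do
        if [ "$DRY_RUN" = 1 ]; then
            echo "would run: $cmd"
        else
            $cmd || exit 1             # stop at the first failing rule change
        fi
    done
}

# Command-line entry point: ./pppblock.sh block|unblock [iface]
case "${1:-}" in
    block|unblock) ppp_toggle "$1" "${2:-}" ;;
esac
```

Running block twice inserts the rules twice, so each block should be paired with exactly one unblock.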
